Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adc3b7ef by Thorsten Alteholz at 2020-09-24T15:09:19+02:00
add ruby-gon

- - - - -
f8454d9b by Thorsten Alteholz at 2020-09-24T15:11:45+02:00
mark CVE-2020-11986 as no-dsa for Stretch

- - - - -
26cf0ecd by Thorsten Alteholz at 2020-09-24T15:13:36+02:00
add brotli

- - - - -
4088557d by Thorsten Alteholz at 2020-09-24T15:17:17+02:00
mark CVE-2020-5421 as no-dsa for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -31111,6 +31111,7 @@ CVE-2020-11987
        RESERVED
 CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need 
to be ex ...)
        - netbeans <unfixed>
+       [stretch] - netbeans <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
 CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and 
mod_rewrite F ...)
        - apache2 2.4.25-1
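
Review bot: The reason on the added line "[stretch] - netbeans <no-dsa> (Minor issue)" is generic and does not say why this is minor for stretch. The description visible in this hunk says the build scripts need to be executed to analyze gradle projects, so a short specific reason in the parentheses, or a NOTE line under the entry, would let a later triager see the basis for the decision without re-reading the linked oss-security post.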
@@ -48946,6 +48947,7 @@ CVE-2020-5422
        RESERVED
 CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 
5.0.0 - 5. ...)
        - libspring-java <unfixed>
+       [stretch] - libspring-java <no-dsa> (Minor issue)
        NOTE: https://tanzu.vmware.com/security/cve-2020-5421
 CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 
allow a mal ...)
        NOT-FOR-US: Cloud Foundry


=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,8 @@ ark
   NOTE: 20200907: patch 
https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes 
(abhijith)
   NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible 
with the old architecture (abhijith)
 --
+brotli
+--
 cacti
   NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for 
jessie version (abhijith)
   NOTE: 20200620: WIP (abhijith)
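
Review bot: The new "brotli" entry is added without any NOTE line, and the commit message "add brotli" does not name the issue either. The neighbouring entries (ark, cacti) carry dated notes in the form "NOTE: YYYYMMDD: ... (name)"; adding one that names the CVE behind this entry would tell whoever claims the package what needs fixing.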
@@ -151,6 +153,8 @@ ruby-doorkeeper
   NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with 
this update. (utkarsh)
   NOTE: 20200831: more investigation needed. (utkarsh)
 --
+ruby-gon
+--
 ruby-json-jwt (Utkarsh)
   NOTE: 20200914: testing against the new reproducer. (utkarsh)
 --
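
Review bot: The added "ruby-gon" entry cannot be tied to a specific issue from this push, since the data/CVE/list hunks shown here touch only netbeans and libspring-java. Consider adding a NOTE line with the CVE id under the entry so the reason for listing the package is recorded next to it.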



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dc5df5ddd4919489c57865ce2efca94dd031b894...4088557d524f97528fbd28fb18ca79311b3f66d5
